
<!doctype html>
<html lang="zh" class="no-js">
  <head>
    
      <meta charset="utf-8">
      <meta name="viewport" content="width=device-width,initial-scale=1">
      
        <meta name="description" content="脚本文档">
      
      
        <meta name="author" content="Logan">
      
      
        <link rel="canonical" href="http://localhost:8000/installation/kubernetes/best-practices/">
      
      
        <link rel="prev" href="../operations/">
      
      
        <link rel="next" href="../../cicd/">
      
      
      <link rel="icon" href="../../../image/favicon.ico">
      <meta name="generator" content="mkdocs-1.6.1, mkdocs-material-9.5.50">
    
    
      
        <title>最佳实践 - 运维无忧文档</title>
      
    
    
      <link rel="stylesheet" href="../../../assets/stylesheets/main.a40c8224.min.css">
      
        
        <link rel="stylesheet" href="../../../assets/stylesheets/palette.06af60db.min.css">
      
      


    
    
      
    
    
      
        
        
        <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
        <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
        <style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style>
      
    
    
      <link rel="stylesheet" href="../../../css/extra.css">
    
      <link rel="stylesheet" href="../../../css/prism.css">
    
    <script>__md_scope=new URL("../../..",location),__md_hash=e=>[...e].reduce(((e,_)=>(e<<5)-e+_.charCodeAt(0)),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
    
      

    
    
    
  </head>
  
  
    
    
      
    
    
    
    
    <body dir="ltr" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="blue">
  
    
    <input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
    <input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
    <label class="md-overlay" for="__drawer"></label>
    <div data-md-component="skip">
      
        
        <a href="#kubernetes" class="md-skip">
          跳转至
        </a>
      
    </div>
    <div data-md-component="announce">
      
    </div>
    
    
      

  

<header class="md-header md-header--shadow" data-md-component="header">
  <nav class="md-header__inner md-grid" aria-label="页眉">
    <a href="../../.." title="运维无忧文档" class="md-header__button md-logo" aria-label="运维无忧文档" data-md-component="logo">
      
  <img src="../../../image/logo.png" alt="logo">

    </a>
    <label class="md-header__button md-icon" for="__drawer">
      
      <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z"/></svg>
    </label>
    <div class="md-header__title" data-md-component="header-title">
      <div class="md-header__ellipsis">
        <div class="md-header__topic">
          <span class="md-ellipsis">
            运维无忧文档
          </span>
        </div>
        <div class="md-header__topic" data-md-component="header-topic">
          <span class="md-ellipsis">
            
              最佳实践
            
          </span>
        </div>
      </div>
    </div>
    
      
        <form class="md-header__option" data-md-component="palette">
  
    
    
    
    <input class="md-option" data-md-color-media="" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="blue"  aria-label="Switch to dark mode"  type="radio" name="__palette" id="__palette_0">
    
      <label class="md-header__button md-icon" title="Switch to dark mode" for="__palette_1" hidden>
        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 7a5 5 0 0 1 5 5 5 5 0 0 1-5 5 5 5 0 0 1-5-5 5 5 0 0 1 5-5m0 2a3 3 0 0 0-3 3 3 3 0 0 0 3 3 3 3 0 0 0 3-3 3 3 0 0 0-3-3m0-7 2.39 3.42C13.65 5.15 12.84 5 12 5s-1.65.15-2.39.42zM3.34 7l4.16-.35A7.2 7.2 0 0 0 5.94 8.5c-.44.74-.69 1.5-.83 2.29zm.02 10 1.76-3.77a7.131 7.131 0 0 0 2.38 4.14zM20.65 7l-1.77 3.79a7.02 7.02 0 0 0-2.38-4.15zm-.01 10-4.14.36c.59-.51 1.12-1.14 1.54-1.86.42-.73.69-1.5.83-2.29zM12 22l-2.41-3.44c.74.27 1.55.44 2.41.44.82 0 1.63-.17 2.37-.44z"/></svg>
      </label>
    
  
    
    
    
    <input class="md-option" data-md-color-media="" data-md-color-scheme="slate" data-md-color-primary="indigo" data-md-color-accent="blue"  aria-label="Switch to light mode"  type="radio" name="__palette" id="__palette_1">
    
      <label class="md-header__button md-icon" title="Switch to light mode" for="__palette_0" hidden>
        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="m17.75 4.09-2.53 1.94.91 3.06-2.63-1.81-2.63 1.81.91-3.06-2.53-1.94L12.44 4l1.06-3 1.06 3zm3.5 6.91-1.64 1.25.59 1.98-1.7-1.17-1.7 1.17.59-1.98L15.75 11l2.06-.05L18.5 9l.69 1.95zm-2.28 4.95c.83-.08 1.72 1.1 1.19 1.85-.32.45-.66.87-1.08 1.27C15.17 23 8.84 23 4.94 19.07c-3.91-3.9-3.91-10.24 0-14.14.4-.4.82-.76 1.27-1.08.75-.53 1.93.36 1.85 1.19-.27 2.86.69 5.83 2.89 8.02a9.96 9.96 0 0 0 8.02 2.89m-1.64 2.02a12.08 12.08 0 0 1-7.8-3.47c-2.17-2.19-3.33-5-3.49-7.82-2.81 3.14-2.7 7.96.31 10.98 3.02 3.01 7.84 3.12 10.98.31"/></svg>
      </label>
    
  
</form>
      
    
    
      <script>var palette=__md_get("__palette");if(palette&&palette.color){if("(prefers-color-scheme)"===palette.color.media){var media=matchMedia("(prefers-color-scheme: light)"),input=document.querySelector(media.matches?"[data-md-color-media='(prefers-color-scheme: light)']":"[data-md-color-media='(prefers-color-scheme: dark)']");palette.color.media=input.getAttribute("data-md-color-media"),palette.color.scheme=input.getAttribute("data-md-color-scheme"),palette.color.primary=input.getAttribute("data-md-color-primary"),palette.color.accent=input.getAttribute("data-md-color-accent")}for(var[key,value]of Object.entries(palette.color))document.body.setAttribute("data-md-color-"+key,value)}</script>
    
    
    
      <label class="md-header__button md-icon" for="__search">
        
        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
      </label>
      <div class="md-search" data-md-component="search" role="dialog">
  <label class="md-search__overlay" for="__search"></label>
  <div class="md-search__inner" role="search">
    <form class="md-search__form" name="search">
      <input type="text" class="md-search__input" name="query" aria-label="搜索" placeholder="搜索" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
      <label class="md-search__icon md-icon" for="__search">
        
        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
        
        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg>
      </label>
      <nav class="md-search__options" aria-label="查找">
        
        <button type="reset" class="md-search__icon md-icon" title="清空当前内容" aria-label="清空当前内容" tabindex="-1">
          
          <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z"/></svg>
        </button>
      </nav>
      
    </form>
    <div class="md-search__output">
      <div class="md-search__scrollwrap" tabindex="0" data-md-scrollfix>
        <div class="md-search-result" data-md-component="search-result">
          <div class="md-search-result__meta">
            正在初始化搜索引擎
          </div>
          <ol class="md-search-result__list" role="presentation"></ol>
        </div>
      </div>
    </div>
  </div>
</div>
    
    
      <div class="md-header__source">
        <a href="https://git.opsx.vip/docs/wuyou.run.git" title="前往仓库" class="md-source" data-md-component="source">
  <div class="md-source__icon md-icon">
    
    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.7.2 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81"/></svg>
  </div>
  <div class="md-source__repository">
    wuyou.run
  </div>
</a>
      </div>
    
  </nav>
  
</header>
    
    <div class="md-container" data-md-component="container">
      
      
        
          
        
      
      <main class="md-main" data-md-component="main">
        <div class="md-main__inner md-grid">
          
            
              
              <div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
                <div class="md-sidebar__scrollwrap">
                  <div class="md-sidebar__inner">
                    



<nav class="md-nav md-nav--primary" aria-label="导航栏" data-md-level="0">
  <label class="md-nav__title" for="__drawer">
    <a href="../../.." title="运维无忧文档" class="md-nav__button md-logo" aria-label="运维无忧文档" data-md-component="logo">
      
  <img src="../../../image/logo.png" alt="logo">

    </a>
    运维无忧文档
  </label>
  
    <div class="md-nav__source">
      <a href="https://git.opsx.vip/docs/wuyou.run.git" title="前往仓库" class="md-source" data-md-component="source">
  <div class="md-source__icon md-icon">
    
    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.7.2 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81"/></svg>
  </div>
  <div class="md-source__repository">
    wuyou.run
  </div>
</a>
    </div>
  
  <ul class="md-nav__list" data-md-scrollfix>
    
      
      
  
  
  
  
    <li class="md-nav__item">
      <a href="../../.." class="md-nav__link">
        
  
  <span class="md-ellipsis">
    首页
  </span>
  

      </a>
    </li>
  

    
      
      
  
  
  
  
    
    
    
    
    <li class="md-nav__item md-nav__item--nested">
      
        
        
        <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2" >
        
          
          <label class="md-nav__link" for="__nav_2" id="__nav_2_label" tabindex="0">
            
  
  <span class="md-ellipsis">
    Linux基础设施
  </span>
  

            <span class="md-nav__icon md-icon"></span>
          </label>
        
        <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_2_label" aria-expanded="false">
          <label class="md-nav__title" for="__nav_2">
            <span class="md-nav__icon md-icon"></span>
            Linux基础设施
          </label>
          <ul class="md-nav__list" data-md-scrollfix>
            
              
                
  
  
  
  
    
    
    
    
    <li class="md-nav__item md-nav__item--nested">
      
        
        
        <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2_1" >
        
          
          <label class="md-nav__link" for="__nav_2_1" id="__nav_2_1_label" tabindex="0">
            
  
  <span class="md-ellipsis">
    基础环境配置
  </span>
  

            <span class="md-nav__icon md-icon"></span>
          </label>
        
        <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_2_1_label" aria-expanded="false">
          <label class="md-nav__title" for="__nav_2_1">
            <span class="md-nav__icon md-icon"></span>
            基础环境配置
          </label>
          <ul class="md-nav__list" data-md-scrollfix>
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../../system_init/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    系统初始化
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../../dev_env/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    开发环境搭建
  </span>
  

      </a>
    </li>
  

              
            
          </ul>
        </nav>
      
    </li>
  

              
            
              
                
  
  
  
  
    
    
    
    
    <li class="md-nav__item md-nav__item--nested">
      
        
        
        <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2_2" >
        
          
          <label class="md-nav__link" for="__nav_2_2" id="__nav_2_2_label" tabindex="0">
            
  
  <span class="md-ellipsis">
    常用服务部署
  </span>
  

            <span class="md-nav__icon md-icon"></span>
          </label>
        
        <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_2_2_label" aria-expanded="false">
          <label class="md-nav__title" for="__nav_2_2">
            <span class="md-nav__icon md-icon"></span>
            常用服务部署
          </label>
          <ul class="md-nav__list" data-md-scrollfix>
            
              
                
  
  
  
  
    
    
    
    
    <li class="md-nav__item md-nav__item--nested">
      
        
        
        <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2_2_1" >
        
          
          <label class="md-nav__link" for="__nav_2_2_1" id="__nav_2_2_1_label" tabindex="0">
            
  
  <span class="md-ellipsis">
    Web服务与代理
  </span>
  

            <span class="md-nav__icon md-icon"></span>
          </label>
        
        <nav class="md-nav" data-md-level="3" aria-labelledby="__nav_2_2_1_label" aria-expanded="false">
          <label class="md-nav__title" for="__nav_2_2_1">
            <span class="md-nav__icon md-icon"></span>
            Web服务与代理
          </label>
          <ul class="md-nav__list" data-md-scrollfix>
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../../web_services/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    Web服务
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../../proxy_services/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    代理服务
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../../services-loadbalancing/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    负载均衡服务
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../../cache_services/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    缓存加速服务
  </span>
  

      </a>
    </li>
  

              
            
          </ul>
        </nav>
      
    </li>
  

              
            
              
                
  
  
  
  
    
    
    
    
    <li class="md-nav__item md-nav__item--nested">
      
        
        
        <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2_2_2" >
        
          
          <label class="md-nav__link" for="__nav_2_2_2" id="__nav_2_2_2_label" tabindex="0">
            
  
  <span class="md-ellipsis">
    数据存储
  </span>
  

            <span class="md-nav__icon md-icon"></span>
          </label>
        
        <nav class="md-nav" data-md-level="3" aria-labelledby="__nav_2_2_2_label" aria-expanded="false">
          <label class="md-nav__title" for="__nav_2_2_2">
            <span class="md-nav__icon md-icon"></span>
            数据存储
          </label>
          <ul class="md-nav__list" data-md-scrollfix>
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../../database_services/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    数据库服务
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../../storage_services/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    文件存储服务
  </span>
  

      </a>
    </li>
  

              
            
          </ul>
        </nav>
      
    </li>
  

              
            
              
                
  
  
  
  
    
    
    
    
    <li class="md-nav__item md-nav__item--nested">
      
        
        
        <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2_2_3" >
        
          
          <label class="md-nav__link" for="__nav_2_2_3" id="__nav_2_2_3_label" tabindex="0">
            
  
  <span class="md-ellipsis">
    监控与日志
  </span>
  

            <span class="md-nav__icon md-icon"></span>
          </label>
        
        <nav class="md-nav" data-md-level="3" aria-labelledby="__nav_2_2_3_label" aria-expanded="false">
          <label class="md-nav__title" for="__nav_2_2_3">
            <span class="md-nav__icon md-icon"></span>
            监控与日志
          </label>
          <ul class="md-nav__list" data-md-scrollfix>
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../../monitoring_services/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    监控系统
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../../logging_services/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    日志管理
  </span>
  

      </a>
    </li>
  

              
            
          </ul>
        </nav>
      
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../../message_queue_services/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    消息队列
  </span>
  

      </a>
    </li>
  

              
            
          </ul>
        </nav>
      
    </li>
  

              
            
              
                
  
  
  
  
    
    
    
    
    <li class="md-nav__item md-nav__item--nested">
      
        
        
        <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2_3" >
        
          
          <label class="md-nav__link" for="__nav_2_3" id="__nav_2_3_label" tabindex="0">
            
  
  <span class="md-ellipsis">
    系统运维
  </span>
  

            <span class="md-nav__icon md-icon"></span>
          </label>
        
        <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_2_3_label" aria-expanded="false">
          <label class="md-nav__title" for="__nav_2_3">
            <span class="md-nav__icon md-icon"></span>
            系统运维
          </label>
          <ul class="md-nav__list" data-md-scrollfix>
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../../storage/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    存储与备份
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../../lvm/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    LVM存储管理
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../../network/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    网络服务配置
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../../monitor/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    监控与日志
  </span>
  

      </a>
    </li>
  

              
            
          </ul>
        </nav>
      
    </li>
  

              
            
          </ul>
        </nav>
      
    </li>
  

    
      
      
  
  
    
  
  
  
    
    
    
    
    <li class="md-nav__item md-nav__item--active md-nav__item--nested">
      
        
        
        <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3" checked>
        
          
          <label class="md-nav__link" for="__nav_3" id="__nav_3_label" tabindex="0">
            
  
  <span class="md-ellipsis">
    容器与编排
  </span>
  

            <span class="md-nav__icon md-icon"></span>
          </label>
        
        <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_3_label" aria-expanded="true">
          <label class="md-nav__title" for="__nav_3">
            <span class="md-nav__icon md-icon"></span>
            容器与编排
          </label>
          <ul class="md-nav__list" data-md-scrollfix>
            
              
                
  
  
  
  
    
    
    
    
    <li class="md-nav__item md-nav__item--nested">
      
        
        
        <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_1" >
        
          
          <label class="md-nav__link" for="__nav_3_1" id="__nav_3_1_label" tabindex="0">
            
  
  <span class="md-ellipsis">
    Docker
  </span>
  

            <span class="md-nav__icon md-icon"></span>
          </label>
        
        <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_1_label" aria-expanded="false">
          <label class="md-nav__title" for="__nav_3_1">
            <span class="md-nav__icon md-icon"></span>
            Docker
          </label>
          <ul class="md-nav__list" data-md-scrollfix>
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../../docker/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    基础安装
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../../docker/build/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    镜像构建
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../../docker/services/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    常用服务部署
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../../docker/network-storage/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    网络与存储
  </span>
  

      </a>
    </li>
  

              
            
          </ul>
        </nav>
      
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../../docker-compose/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    Docker Compose
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
    
  
  
  
    
    
    
    
    <li class="md-nav__item md-nav__item--active md-nav__item--nested">
      
        
        
        <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_3" checked>
        
          
          <label class="md-nav__link" for="__nav_3_3" id="__nav_3_3_label" tabindex="0">
            
  
  <span class="md-ellipsis">
    Kubernetes
  </span>
  

            <span class="md-nav__icon md-icon"></span>
          </label>
        
        <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_3_label" aria-expanded="true">
          <label class="md-nav__title" for="__nav_3_3">
            <span class="md-nav__icon md-icon"></span>
            Kubernetes
          </label>
          <ul class="md-nav__list" data-md-scrollfix>
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    集群部署
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../resources/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    资源管理
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../operations/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    运维操作
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
    
  
  
  
    <li class="md-nav__item md-nav__item--active">
      
      <input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
      
      
        
      
      
        <label class="md-nav__link md-nav__link--active" for="__toc">
          
  
  <span class="md-ellipsis">
    最佳实践
  </span>
  

          <span class="md-nav__icon md-icon"></span>
        </label>
      
      <a href="./" class="md-nav__link md-nav__link--active">
        
  
  <span class="md-ellipsis">
    最佳实践
  </span>
  

      </a>
      
        

<nav class="md-nav md-nav--secondary" aria-label="目录">
  
  
  
    
  
  
    <label class="md-nav__title" for="__toc">
      <span class="md-nav__icon md-icon"></span>
      目录
    </label>
    <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
      
        <li class="md-nav__item">
  <a href="#_1" class="md-nav__link">
    <span class="md-ellipsis">
      架构设计最佳实践
    </span>
  </a>
  
    <nav class="md-nav" aria-label="架构设计最佳实践">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#_2" class="md-nav__link">
    <span class="md-ellipsis">
      命名空间策略
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#_3" class="md-nav__link">
    <span class="md-ellipsis">
      多集群架构
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
      
        <li class="md-nav__item">
  <a href="#_4" class="md-nav__link">
    <span class="md-ellipsis">
      容器设计最佳实践
    </span>
  </a>
  
    <nav class="md-nav" aria-label="容器设计最佳实践">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#_5" class="md-nav__link">
    <span class="md-ellipsis">
      镜像管理
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#_6" class="md-nav__link">
    <span class="md-ellipsis">
      容器安全最佳实践
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
      
        <li class="md-nav__item">
  <a href="#_7" class="md-nav__link">
    <span class="md-ellipsis">
      工作负载最佳实践
    </span>
  </a>
  
    <nav class="md-nav" aria-label="工作负载最佳实践">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#deployment" class="md-nav__link">
    <span class="md-ellipsis">
      Deployment策略
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#_8" class="md-nav__link">
    <span class="md-ellipsis">
      有状态应用管理
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
      
        <li class="md-nav__item">
  <a href="#_9" class="md-nav__link">
    <span class="md-ellipsis">
      配置与密钥管理
    </span>
  </a>
  
    <nav class="md-nav" aria-label="配置与密钥管理">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#_10" class="md-nav__link">
    <span class="md-ellipsis">
      配置管理最佳实践
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#_11" class="md-nav__link">
    <span class="md-ellipsis">
      密钥管理最佳实践
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
      
        <li class="md-nav__item">
  <a href="#_12" class="md-nav__link">
    <span class="md-ellipsis">
      网络最佳实践
    </span>
  </a>
  
    <nav class="md-nav" aria-label="网络最佳实践">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#_13" class="md-nav__link">
    <span class="md-ellipsis">
      网络策略
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#_14" class="md-nav__link">
    <span class="md-ellipsis">
      服务网格集成
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
      
        <li class="md-nav__item">
  <a href="#_15" class="md-nav__link">
    <span class="md-ellipsis">
      资源管理与自动伸缩
    </span>
  </a>
  
    <nav class="md-nav" aria-label="资源管理与自动伸缩">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#_16" class="md-nav__link">
    <span class="md-ellipsis">
      资源配置最佳实践
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#_17" class="md-nav__link">
    <span class="md-ellipsis">
      自动伸缩策略
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
      
        <li class="md-nav__item">
  <a href="#_18" class="md-nav__link">
    <span class="md-ellipsis">
      监控与可观测性
    </span>
  </a>
  
    <nav class="md-nav" aria-label="监控与可观测性">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#_19" class="md-nav__link">
    <span class="md-ellipsis">
      监控架构
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#_20" class="md-nav__link">
    <span class="md-ellipsis">
      日志管理
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#_21" class="md-nav__link">
    <span class="md-ellipsis">
      分布式追踪
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
      
        <li class="md-nav__item">
  <a href="#_22" class="md-nav__link">
    <span class="md-ellipsis">
      灾备与恢复
    </span>
  </a>
  
    <nav class="md-nav" aria-label="灾备与恢复">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#_23" class="md-nav__link">
    <span class="md-ellipsis">
      备份策略
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#_24" class="md-nav__link">
    <span class="md-ellipsis">
      恢复策略
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
      
        <li class="md-nav__item">
  <a href="#gitops" class="md-nav__link">
    <span class="md-ellipsis">
      GitOps与基础设施即代码
    </span>
  </a>
  
    <nav class="md-nav" aria-label="GitOps与基础设施即代码">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#gitops_1" class="md-nav__link">
    <span class="md-ellipsis">
      GitOps工作流
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#_25" class="md-nav__link">
    <span class="md-ellipsis">
      多环境部署策略
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#_26" class="md-nav__link">
    <span class="md-ellipsis">
      推荐工具和流程
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
      
        <li class="md-nav__item">
  <a href="#_27" class="md-nav__link">
    <span class="md-ellipsis">
      性能优化与成本控制
    </span>
  </a>
  
    <nav class="md-nav" aria-label="性能优化与成本控制">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#_28" class="md-nav__link">
    <span class="md-ellipsis">
      资源优化策略
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#_29" class="md-nav__link">
    <span class="md-ellipsis">
      成本分析与控制
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#_30" class="md-nav__link">
    <span class="md-ellipsis">
      高效集群配置
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
      
        <li class="md-nav__item">
  <a href="#_31" class="md-nav__link">
    <span class="md-ellipsis">
      持续学习与改进
    </span>
  </a>
  
    <nav class="md-nav" aria-label="持续学习与改进">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#_32" class="md-nav__link">
    <span class="md-ellipsis">
      建立最佳实践文档
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#_33" class="md-nav__link">
    <span class="md-ellipsis">
      安排定期评审
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#kubernetes_1" class="md-nav__link">
    <span class="md-ellipsis">
      跟踪Kubernetes社区
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
      
        <li class="md-nav__item">
  <a href="#_34" class="md-nav__link">
    <span class="md-ellipsis">
      实战示例：完整应用部署
    </span>
  </a>
  
    <nav class="md-nav" aria-label="实战示例：完整应用部署">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#_35" class="md-nav__link">
    <span class="md-ellipsis">
      多层应用架构
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#_36" class="md-nav__link">
    <span class="md-ellipsis">
      自动化部署流程
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
      
    </ul>
  
</nav>
      
    </li>
  

              
            
          </ul>
        </nav>
      
    </li>
  

              
            
          </ul>
        </nav>
      
    </li>
  

    
      
      
  
  
  
  
    
    
    
    
    <li class="md-nav__item md-nav__item--nested">
      
        
        
        <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4" >
        
          
          <label class="md-nav__link" for="__nav_4" id="__nav_4_label" tabindex="0">
            
  
  <span class="md-ellipsis">
    DevOps工具链
  </span>
  

            <span class="md-nav__icon md-icon"></span>
          </label>
        
        <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_4_label" aria-expanded="false">
          <label class="md-nav__title" for="__nav_4">
            <span class="md-nav__icon md-icon"></span>
            DevOps工具链
          </label>
          <ul class="md-nav__list" data-md-scrollfix>
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../../cicd/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    CI/CD流水线
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../../devops/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    自动化运维
  </span>
  

      </a>
    </li>
  

              
            
          </ul>
        </nav>
      
    </li>
  

    
      
      
  
  
  
  
    
    
    
    
    <li class="md-nav__item md-nav__item--nested">
      
        
        
        <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5" >
        
          
          <label class="md-nav__link" for="__nav_5" id="__nav_5_label" tabindex="0">
            
  
  <span class="md-ellipsis">
    Shell 快速入门
  </span>
  

            <span class="md-nav__icon md-icon"></span>
          </label>
        
        <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_5_label" aria-expanded="false">
          <label class="md-nav__title" for="__nav_5">
            <span class="md-nav__icon md-icon"></span>
            Shell 快速入门
          </label>
          <ul class="md-nav__list" data-md-scrollfix>
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../../../shell/introduction/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    Linux 基础命令
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../../../shell/commands/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    常用命令集
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../../../shell/variables_and_data_types/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    变量和数据类型
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../../../shell/control_flow/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    控制流程 (if、else、for、while)
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../../../shell/functions/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    Shell函数
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../../../shell/text_processing/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    文本处理三剑客
  </span>
  

      </a>
    </li>
  

              
            
              
                
  
  
  
  
    <li class="md-nav__item">
      <a href="../../../shell/scripts/" class="md-nav__link">
        
  
  <span class="md-ellipsis">
    Shell脚本实战
  </span>
  

      </a>
    </li>
  

              
            
          </ul>
        </nav>
      
    </li>
  

    
  </ul>
</nav>
                  </div>
                </div>
              </div>
            
            
              
              <div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
                <div class="md-sidebar__scrollwrap">
                  <div class="md-sidebar__inner">
                    

<nav class="md-nav md-nav--secondary" aria-label="目录">
  
  
  
    
  
  
    <label class="md-nav__title" for="__toc">
      <span class="md-nav__icon md-icon"></span>
      目录
    </label>
    <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
      
        <li class="md-nav__item">
  <a href="#_1" class="md-nav__link">
    <span class="md-ellipsis">
      架构设计最佳实践
    </span>
  </a>
  
    <nav class="md-nav" aria-label="架构设计最佳实践">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#_2" class="md-nav__link">
    <span class="md-ellipsis">
      命名空间策略
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#_3" class="md-nav__link">
    <span class="md-ellipsis">
      多集群架构
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
      
        <li class="md-nav__item">
  <a href="#_4" class="md-nav__link">
    <span class="md-ellipsis">
      容器设计最佳实践
    </span>
  </a>
  
    <nav class="md-nav" aria-label="容器设计最佳实践">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#_5" class="md-nav__link">
    <span class="md-ellipsis">
      镜像管理
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#_6" class="md-nav__link">
    <span class="md-ellipsis">
      容器安全最佳实践
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
      
        <li class="md-nav__item">
  <a href="#_7" class="md-nav__link">
    <span class="md-ellipsis">
      工作负载最佳实践
    </span>
  </a>
  
    <nav class="md-nav" aria-label="工作负载最佳实践">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#deployment" class="md-nav__link">
    <span class="md-ellipsis">
      Deployment策略
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#_8" class="md-nav__link">
    <span class="md-ellipsis">
      有状态应用管理
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
      
        <li class="md-nav__item">
  <a href="#_9" class="md-nav__link">
    <span class="md-ellipsis">
      配置与密钥管理
    </span>
  </a>
  
    <nav class="md-nav" aria-label="配置与密钥管理">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#_10" class="md-nav__link">
    <span class="md-ellipsis">
      配置管理最佳实践
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#_11" class="md-nav__link">
    <span class="md-ellipsis">
      密钥管理最佳实践
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
      
        <li class="md-nav__item">
  <a href="#_12" class="md-nav__link">
    <span class="md-ellipsis">
      网络最佳实践
    </span>
  </a>
  
    <nav class="md-nav" aria-label="网络最佳实践">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#_13" class="md-nav__link">
    <span class="md-ellipsis">
      网络策略
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#_14" class="md-nav__link">
    <span class="md-ellipsis">
      服务网格集成
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
      
        <li class="md-nav__item">
  <a href="#_15" class="md-nav__link">
    <span class="md-ellipsis">
      资源管理与自动伸缩
    </span>
  </a>
  
    <nav class="md-nav" aria-label="资源管理与自动伸缩">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#_16" class="md-nav__link">
    <span class="md-ellipsis">
      资源配置最佳实践
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#_17" class="md-nav__link">
    <span class="md-ellipsis">
      自动伸缩策略
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
      
        <li class="md-nav__item">
  <a href="#_18" class="md-nav__link">
    <span class="md-ellipsis">
      监控与可观测性
    </span>
  </a>
  
    <nav class="md-nav" aria-label="监控与可观测性">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#_19" class="md-nav__link">
    <span class="md-ellipsis">
      监控架构
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#_20" class="md-nav__link">
    <span class="md-ellipsis">
      日志管理
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#_21" class="md-nav__link">
    <span class="md-ellipsis">
      分布式追踪
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
      
        <li class="md-nav__item">
  <a href="#_22" class="md-nav__link">
    <span class="md-ellipsis">
      灾备与恢复
    </span>
  </a>
  
    <nav class="md-nav" aria-label="灾备与恢复">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#_23" class="md-nav__link">
    <span class="md-ellipsis">
      备份策略
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#_24" class="md-nav__link">
    <span class="md-ellipsis">
      恢复策略
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
      
        <li class="md-nav__item">
  <a href="#gitops" class="md-nav__link">
    <span class="md-ellipsis">
      GitOps与基础设施即代码
    </span>
  </a>
  
    <nav class="md-nav" aria-label="GitOps与基础设施即代码">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#gitops_1" class="md-nav__link">
    <span class="md-ellipsis">
      GitOps工作流
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#_25" class="md-nav__link">
    <span class="md-ellipsis">
      多环境部署策略
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#_26" class="md-nav__link">
    <span class="md-ellipsis">
      推荐工具和流程
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
      
        <li class="md-nav__item">
  <a href="#_27" class="md-nav__link">
    <span class="md-ellipsis">
      性能优化与成本控制
    </span>
  </a>
  
    <nav class="md-nav" aria-label="性能优化与成本控制">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#_28" class="md-nav__link">
    <span class="md-ellipsis">
      资源优化策略
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#_29" class="md-nav__link">
    <span class="md-ellipsis">
      成本分析与控制
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#_30" class="md-nav__link">
    <span class="md-ellipsis">
      高效集群配置
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
      
        <li class="md-nav__item">
  <a href="#_31" class="md-nav__link">
    <span class="md-ellipsis">
      持续学习与改进
    </span>
  </a>
  
    <nav class="md-nav" aria-label="持续学习与改进">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#_32" class="md-nav__link">
    <span class="md-ellipsis">
      建立最佳实践文档
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#_33" class="md-nav__link">
    <span class="md-ellipsis">
      安排定期评审
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#kubernetes_1" class="md-nav__link">
    <span class="md-ellipsis">
      跟踪Kubernetes社区
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
      
        <li class="md-nav__item">
  <a href="#_34" class="md-nav__link">
    <span class="md-ellipsis">
      实战示例：完整应用部署
    </span>
  </a>
  
    <nav class="md-nav" aria-label="实战示例：完整应用部署">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#_35" class="md-nav__link">
    <span class="md-ellipsis">
      多层应用架构
    </span>
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#_36" class="md-nav__link">
    <span class="md-ellipsis">
      自动化部署流程
    </span>
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
      
    </ul>
  
</nav>
                  </div>
                </div>
              </div>
            
          
          
            <div class="md-content" data-md-component="content">
              <article class="md-content__inner md-typeset">
                
                  

  
  


<h1 id="kubernetes">Kubernetes最佳实践指南</h1>
<h2 id="_1">架构设计最佳实践</h2>
<h3 id="_2">命名空间策略</h3>
<p>合理规划命名空间可以提升集群管理效率和资源隔离：</p>
<pre><code class="language-yaml"># 多环境命名空间示例
apiVersion: v1
kind: Namespace
metadata:
  name: dev-team1
  labels:
    environment: development
    team: team1
</code></pre>
<p>命名空间最佳实践：</p>
<ol>
<li><strong>按环境划分</strong>：development、staging、production</li>
<li><strong>按团队/项目划分</strong>：team1、team2、project-x</li>
<li><strong>为系统组件保留命名空间</strong>：kube-system、monitoring、logging</li>
<li><strong>为每个命名空间设置资源配额</strong>，避免资源争抢</li>
</ol>
<h3 id="_3">多集群架构</h3>
<p>在生产环境中，采用多集群架构可以提高可用性和安全性：</p>
<ol>
<li><strong>环境隔离</strong>：生产、非生产环境使用独立集群</li>
<li><strong>区域高可用</strong>：跨区域部署多个集群</li>
<li><strong>专用集群</strong>：为特定工作负载（如数据处理）部署专用集群</li>
<li><strong>管理工具</strong>：使用Fleet、Rancher等工具统一管理多集群</li>
</ol>
<p>多集群管理示例（使用kubefed）：</p>
<pre><code class="language-yaml"># 联邦集群配置
apiVersion: core.kubefed.io/v1beta1
kind: KubeFedConfig
metadata:
  name: kubefed
  namespace: kube-federation-system
spec:
  featureGates:
  - name: PushReconciler
    configuration: &quot;Enabled&quot;
  - name: SchedulerPreferences
    configuration: &quot;Enabled&quot;
  - name: CrossClusterServiceDiscovery
    configuration: &quot;Enabled&quot;
  - name: FederatedIngress
    configuration: &quot;Enabled&quot;
</code></pre>
<h2 id="_4">容器设计最佳实践</h2>
<h3 id="_5">镜像管理</h3>
<ol>
<li><strong>使用精简基础镜像</strong>：Alpine或Distroless替代完整操作系统</li>
<li><strong>采用明确的镜像标签</strong>：避免使用<code>latest</code>标签</li>
<li><strong>实施镜像扫描</strong>：定期检查安全漏洞</li>
<li><strong>使用多阶段构建</strong>：减小最终镜像大小</li>
</ol>
<p>多阶段构建示例：</p>
<pre><code class="language-dockerfile"># 构建阶段
FROM golang:1.17-alpine AS builder
WORKDIR /app
COPY . .
RUN go build -o app .

# 最终镜像
FROM alpine:3.14
COPY --from=builder /app/app /app
ENTRYPOINT [&quot;/app&quot;]
</code></pre>
<h3 id="_6">容器安全最佳实践</h3>
<ol>
<li>
<p><strong>以非root用户运行</strong>：
   <code>yaml
   securityContext:
     runAsUser: 1000
     runAsGroup: 1000
     fsGroup: 1000</code></p>
</li>
<li>
<p><strong>定义资源限制</strong>：
   <code>yaml
   resources:
     requests:
       memory: "128Mi"
       cpu: "100m"
     limits:
       memory: "256Mi"
       cpu: "500m"</code></p>
</li>
<li>
<p><strong>使用只读文件系统</strong>：
   <code>yaml
   securityContext:
     readOnlyRootFilesystem: true</code></p>
</li>
<li>
<p><strong>删除不必要的功能</strong>：
   <code>yaml
   securityContext:
     capabilities:
       drop:
         - ALL</code></p>
</li>
<li>
<p><strong>配置网络策略</strong>：明确定义入站和出站规则</p>
</li>
</ol>
<h2 id="_7">工作负载最佳实践</h2>
<h3 id="deployment">Deployment策略</h3>
<ol>
<li>
<p><strong>设置Pod反亲和性</strong>确保高可用：
   ```yaml
   affinity:
     podAntiAffinity:
       preferredDuringSchedulingIgnoredDuringExecution:</p>
<ul>
<li>weight: 100
     podAffinityTerm:
       labelSelector:
         matchExpressions:
         - key: app
           operator: In
           values:
           - myapp
       topologyKey: "kubernetes.io/hostname"
   ```</li>
</ul>
</li>
<li>
<p><strong>配置活性和就绪性探针</strong>：
   <code>yaml
   livenessProbe:
     httpGet:
       path: /health
       port: http
     initialDelaySeconds: 60
     periodSeconds: 10
   readinessProbe:
     httpGet:
       path: /ready
       port: http
     initialDelaySeconds: 5
     periodSeconds: 5</code></p>
</li>
<li>
<p><strong>配置优雅终止</strong>：
   <code>yaml
   terminationGracePeriodSeconds: 60</code></p>
</li>
<li>
<p><strong>适当的滚动更新策略</strong>：
   <code>yaml
   strategy:
     type: RollingUpdate
     rollingUpdate:
       maxSurge: 25%
       maxUnavailable: 25%</code></p>
</li>
</ol>
<h3 id="_8">有状态应用管理</h3>
<p>使用StatefulSet管理有状态应用，并确保：</p>
<ol>
<li><strong>持久化存储</strong>使用适当的StorageClass</li>
<li><strong>配置备份策略</strong>定期备份数据</li>
<li><strong>实施主从复制</strong>提高可用性</li>
</ol>
<p>StatefulSet最佳实践示例：</p>
<pre><code class="language-yaml">apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: postgres
spec:
  serviceName: &quot;postgres&quot;
  replicas: 3
  selector:
    matchLabels:
      app: postgres
  template:
    metadata:
      labels:
        app: postgres
    spec:
      terminationGracePeriodSeconds: 60
      containers:
      - name: postgres
        image: postgres:13
        ports:
        - containerPort: 5432
          name: postgres
        volumeMounts:
        - name: data
          mountPath: /var/lib/postgresql/data
        env:
        - name: POSTGRES_PASSWORD
          valueFrom:
            secretKeyRef:
              name: postgres-secret
              key: password
        - name: PGDATA
          value: /var/lib/postgresql/data/pgdata
  volumeClaimTemplates:
  - metadata:
      name: data
    spec:
      accessModes: [ &quot;ReadWriteOnce&quot; ]
      storageClassName: &quot;ssd&quot;
      resources:
        requests:
          storage: 10Gi
</code></pre>
<h2 id="_9">配置与密钥管理</h2>
<h3 id="_10">配置管理最佳实践</h3>
<ol>
<li><strong>分离配置与代码</strong>：使用ConfigMap存储配置</li>
<li><strong>分层配置</strong>：使用ConfigMap存储公共配置，环境特定配置</li>
<li><strong>版本控制配置</strong>：通过Git管理配置</li>
<li><strong>使用配置模板</strong>：采用Helm或kustomize管理复杂配置</li>
</ol>
<p>kustomize示例：</p>
<pre><code class="language-yaml"># kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- deployment.yaml
- service.yaml
commonLabels:
  app: myapp
  environment: production
configMapGenerator:
- name: app-config
  env: config.env
</code></pre>
<h3 id="_11">密钥管理最佳实践</h3>
<ol>
<li><strong>使用Secret存储敏感信息</strong>而非环境变量</li>
<li><strong>使用外部密钥管理系统</strong>如Vault或AWS Secrets Manager</li>
<li><strong>加密Secret</strong>启用etcd加密</li>
<li><strong>限制访问权限</strong>通过RBAC控制Secret访问</li>
</ol>
<p>使用外部密钥管理系统示例(HashiCorp Vault)：</p>
<pre><code class="language-yaml"># 安装Vault CSI驱动
helm repo add hashicorp https://helm.releases.hashicorp.com
helm install vault hashicorp/vault \
  --set &quot;server.dev.enabled=true&quot; \
  --set &quot;injector.enabled=true&quot;

# 使用Vault密钥
apiVersion: v1
kind: Pod
metadata:
  name: app
  annotations:
    vault.hashicorp.com/agent-inject: 'true'
    vault.hashicorp.com/agent-inject-secret-database-config.txt: 'secret/data/database/config'
    vault.hashicorp.com/role: 'app'
spec:
  containers:
  - name: app
    image: app:1.0.0
</code></pre>
<h2 id="_12">网络最佳实践</h2>
<h3 id="_13">网络策略</h3>
<p>实施默认拒绝入站流量的网络策略，并明确定义允许规则：</p>
<pre><code class="language-yaml"># 默认拒绝所有入站流量
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
spec:
  podSelector: {}
  policyTypes:
  - Ingress
</code></pre>
<pre><code class="language-yaml"># 允许特定入站流量
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend-to-backend
spec:
  podSelector:
    matchLabels:
      app: backend
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: frontend
    ports:
    - protocol: TCP
      port: 8080
</code></pre>
<h3 id="_14">服务网格集成</h3>
<p>使用服务网格（Istio、Linkerd）实现：</p>
<ol>
<li><strong>细粒度流量控制</strong></li>
<li><strong>服务间认证和加密</strong></li>
<li><strong>可观测性增强</strong></li>
<li><strong>熔断和流量拆分</strong></li>
</ol>
<p>Istio流量管理示例：</p>
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
  - reviews
  http:
  - match:
    - headers:
        end-user:
          exact: jason
    route:
    - destination:
        host: reviews
        subset: v2
  - route:
    - destination:
        host: reviews
        subset: v1
</code></pre>
<h2 id="_15">资源管理与自动伸缩</h2>
<h3 id="_16">资源配置最佳实践</h3>
<ol>
<li><strong>设置合理的资源请求</strong>：基于实际测量的应用需求</li>
<li><strong>控制资源限制</strong>：避免OOM或CPU节流</li>
<li><strong>实施资源配额</strong>：根据命名空间限制资源使用</li>
</ol>
<pre><code class="language-yaml"># 命名空间资源配额
apiVersion: v1
kind: ResourceQuota
metadata:
  name: compute-resources
spec:
  hard:
    pods: &quot;20&quot;
    requests.cpu: &quot;4&quot;
    requests.memory: 8Gi
    limits.cpu: &quot;8&quot;
    limits.memory: 16Gi
</code></pre>
<h3 id="_17">自动伸缩策略</h3>
<ol>
<li>
<p><strong>水平Pod自动伸缩(HPA)</strong>：基于CPU/内存
   ```yaml
   apiVersion: autoscaling/v2
   kind: HorizontalPodAutoscaler
   metadata:
     name: app-hpa
   spec:
     scaleTargetRef:
       apiVersion: apps/v1
       kind: Deployment
       name: app
     minReplicas: 2
     maxReplicas: 10
     metrics:</p>
<ul>
<li>type: Resource
   resource:
     name: cpu
     target:
       type: Utilization
       averageUtilization: 80</li>
<li>type: Resource
   resource:
     name: memory
     target:
       type: Utilization
       averageUtilization: 80
   ```</li>
</ul>
</li>
<li>
<p><strong>垂直Pod自动伸缩(VPA)</strong>：自动调整资源请求
   <code>yaml
   apiVersion: autoscaling.k8s.io/v1
   kind: VerticalPodAutoscaler
   metadata:
     name: app-vpa
   spec:
     targetRef:
       apiVersion: "apps/v1"
       kind: Deployment
       name: app
     updatePolicy:
       updateMode: "Auto"</code></p>
</li>
<li>
<p><strong>集群自动伸缩(CA)</strong>：自动扩展节点池
   <code>bash
   # 使用AWS EKS的自动扩展配置
   eksctl create cluster \
     --name=my-cluster \
     --region=us-west-2 \
     --nodes-min=2 \
     --nodes-max=5 \
     --asg-access</code></p>
</li>
</ol>
<h2 id="_18">监控与可观测性</h2>
<h3 id="_19">监控架构</h3>
<ol>
<li><strong>使用Prometheus+Grafana</strong>建立监控架构</li>
<li><strong>监控关键指标</strong>：CPU、内存、网络和应用指标</li>
<li><strong>设置告警规则</strong>及时响应问题</li>
</ol>
<p>Prometheus告警规则示例：</p>
<pre><code class="language-yaml">apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  name: app-alerts
  namespace: monitoring
spec:
  groups:
  - name: app.rules
    rules:
    - alert: HighErrorRate
      expr: sum(rate(http_requests_total{code=~&quot;5..&quot;}[5m])) / sum(rate(http_requests_total[5m])) &gt; 0.05
      for: 5m
      labels:
        severity: critical
      annotations:
        summary: &quot;High error rate detected&quot;
        description: &quot;Error rate is above 5% for the last 5 minutes.&quot;
</code></pre>
<h3 id="_20">日志管理</h3>
<ol>
<li><strong>集中化日志收集</strong>：使用EFK或PLG栈</li>
<li><strong>结构化日志</strong>：采用JSON格式</li>
<li><strong>适当的日志级别</strong>：避免过多或过少日志</li>
<li><strong>日志保留策略</strong>：平衡存储成本与审计需求</li>
</ol>
<h3 id="_21">分布式追踪</h3>
<p>使用Jaeger或Zipkin实现分布式追踪：</p>
<pre><code class="language-yaml"># Jaeger部署
apiVersion: jaegertracing.io/v1
kind: Jaeger
metadata:
  name: jaeger
spec:
  strategy: allInOne
  allInOne:
    image: jaegertracing/all-in-one:1.27
  storage:
    type: memory
    options:
      memory:
        max-traces: 100000
</code></pre>
<p>应用程序集成：</p>
<pre><code class="language-yaml">env:
- name: JAEGER_SERVICE_NAME
  value: &quot;my-service&quot;
- name: JAEGER_AGENT_HOST
  value: &quot;jaeger-agent&quot;
- name: JAEGER_SAMPLER_TYPE
  value: &quot;const&quot;
- name: JAEGER_SAMPLER_PARAM
  value: &quot;1&quot;
</code></pre>
<h2 id="_22">灾备与恢复</h2>
<h3 id="_23">备份策略</h3>
<ol>
<li>
<p><strong>定期备份etcd</strong>：集群状态的关键存储
   <code>bash
   ETCDCTL_API=3 etcdctl --endpoints=https://127.0.0.1:2379 \
     --cacert=/etc/kubernetes/pki/etcd/ca.crt \
     --cert=/etc/kubernetes/pki/etcd/server.crt \
     --key=/etc/kubernetes/pki/etcd/server.key \
     snapshot save /backup/etcd-snapshot-$(date +%Y%m%d).db</code></p>
</li>
<li>
<p><strong>使用Velero</strong>备份应用数据和配置
   ```bash
   # 安装Velero
   velero install \
     --provider aws \
     --plugins velero/velero-plugin-for-aws:v1.2.0 \
     --bucket velero-backup \
     --backup-location-config region=us-east-1 \
     --secret-file ./credentials-velero</p>
</li>
</ol>
<p># 创建备份
   velero backup create app-backup --include-namespaces app</p>
<p># 设置备份计划
   velero schedule create daily-backup \
     --schedule="0 1 * * *" \
     --ttl 720h \
     --include-namespaces app,database
   ```</p>
<ol>
<li><strong>备份持久卷数据</strong>
   <code>bash
   # 使用Velero备份PV
   velero backup create backup-with-pv \
     --include-namespaces app \
     --snapshot-volumes</code></li>
</ol>
<h3 id="_24">恢复策略</h3>
<ol>
<li><strong>定期测试恢复流程</strong>确保可靠性</li>
<li><strong>文档化恢复步骤</strong>便于紧急情况下操作</li>
<li><strong>设定目标恢复时间(RTO)和恢复点目标(RPO)</strong></li>
</ol>
<p>灾难恢复演练脚本：</p>
<pre><code class="language-bash">#!/bin/bash
# @author Loganli
# [灾备演练] Kubernetes集群故障恢复

echo &quot;开始灾难恢复演练...&quot;

# 步骤1: 备份关键数据
echo &quot;1. 执行数据备份...&quot;
velero backup create dr-test-$(date +%Y%m%d) --include-namespaces app,database

# 步骤2: 模拟故障（只在测试环境执行！）
echo &quot;2. 模拟故障...&quot;
if [[ &quot;$ENVIRONMENT&quot; == &quot;test&quot; ]]; then
  kubectl delete namespace app
  echo &quot;应用命名空间已删除，模拟灾难场景&quot;
fi

# 步骤3: 从备份恢复
echo &quot;3. 从备份恢复...&quot;
velero restore create --from-backup dr-test-$(date +%Y%m%d)

# 步骤4: 验证恢复
echo &quot;4. 验证恢复状态...&quot;
kubectl get pods -n app
kubectl get svc -n app

# 步骤5: 验证应用功能
echo &quot;5. 验证应用功能...&quot;
for svc in $(kubectl get svc -n app -o jsonpath='{.items[*].metadata.name}'); do
  echo &quot;测试服务: $svc&quot;
  kubectl run test-${svc} --image=curlimages/curl -n app --rm -it --restart=Never -- \
    curl -s http://${svc}:80/health
done

echo &quot;灾难恢复演练完成&quot;
</code></pre>
<h2 id="gitops">GitOps与基础设施即代码</h2>
<h3 id="gitops_1">GitOps工作流</h3>
<ol>
<li><strong>使用Git作为单一事实来源</strong></li>
<li><strong>声明式配置</strong>而非命令式操作</li>
<li><strong>自动化变更同步</strong></li>
</ol>
<p>使用Flux实现GitOps：</p>
<pre><code class="language-yaml"># Flux源配置
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: GitRepository
metadata:
  name: app-repo
  namespace: flux-system
spec:
  interval: 1m
  url: https://github.com/org/app
  ref:
    branch: main
---
# Kustomization配置
apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
kind: Kustomization
metadata:
  name: app
  namespace: flux-system
spec:
  interval: 5m
  path: &quot;./kustomize&quot;
  prune: true
  sourceRef:
    kind: GitRepository
    name: app-repo
  validation: client
</code></pre>
<h3 id="_25">多环境部署策略</h3>
<ol>
<li>
<p><strong>使用Kustomize分层配置</strong>
   <code>├── base
   │   ├── deployment.yaml
   │   ├── kustomization.yaml
   │   └── service.yaml
   ├── overlays
   │   ├── development
   │   │   ├── kustomization.yaml
   │   │   └── patch.yaml
   │   ├── staging
   │   │   ├── kustomization.yaml
   │   │   └── patch.yaml
   │   └── production
   │       ├── kustomization.yaml
   │       └── patch.yaml</code></p>
</li>
<li>
<p><strong>环境特定覆盖配置</strong>：
   ```yaml
   # overlays/production/kustomization.yaml
   apiVersion: kustomize.config.k8s.io/v1beta1
   kind: Kustomization
   resources:</p>
</li>
<li>../../base
   patchesStrategicMerge:</li>
<li>patch.yaml
   namespace: production
   ```</li>
</ol>
<p><code>yaml
   # overlays/production/patch.yaml
   apiVersion: apps/v1
   kind: Deployment
   metadata:
     name: app
   spec:
     replicas: 5
     template:
       spec:
         containers:
         - name: app
           resources:
             limits:
               memory: 512Mi
               cpu: 500m
             requests:
               memory: 256Mi
               cpu: 250m</code></p>
<h3 id="_26">推荐工具和流程</h3>
<ol>
<li><strong>基础设施即代码</strong>：</li>
<li>Terraform管理云资源</li>
<li>
<p>Helm/Kustomize管理Kubernetes资源</p>
</li>
<li>
<p><strong>CI/CD流水线</strong>：</p>
</li>
<li>Jenkins、GitLab CI或GitHub Actions</li>
<li>
<p>自动化测试、构建和部署</p>
</li>
<li>
<p><strong>版本控制策略</strong>：</p>
</li>
<li>语义化版本(Semantic Versioning)</li>
<li>Git分支策略(Gitflow或trunk-based)</li>
</ol>
<h2 id="_27">性能优化与成本控制</h2>
<h3 id="_28">资源优化策略</h3>
<ol>
<li><strong>适当规模的Pod</strong>：避免资源浪费</li>
<li><strong>使用自动伸缩</strong>：根据负载调整资源</li>
<li><strong>考虑使用Spot/Preemptible实例</strong>降低成本</li>
<li><strong>优化镜像大小</strong>：减少存储和传输成本</li>
</ol>
<h3 id="_29">成本分析与控制</h3>
<ol>
<li>
<p><strong>使用命名空间标签分类资源</strong>
   <code>yaml
   metadata:
     labels:
       cost-center: team-a
       project: web-app</code></p>
</li>
<li>
<p><strong>实施资源配额</strong>限制过度使用</p>
</li>
<li><strong>定期分析和优化</strong>：使用Kubecost等工具</li>
</ol>
<h3 id="_30">高效集群配置</h3>
<ol>
<li><strong>选择适当的节点类型</strong>：根据工作负载特性</li>
<li><strong>使用节点亲和性</strong>将工作负载放在最佳节点</li>
<li><strong>优化etcd性能</strong>：适当配置和监控</li>
</ol>
<p>高效节点选择示例：</p>
<pre><code class="language-yaml"># 为计算密集型应用选择高性能节点
apiVersion: apps/v1
kind: Deployment
metadata:
  name: compute-app
spec:
  template:
    spec:
      nodeSelector:
        node-type: compute-optimized
</code></pre>
<pre><code class="language-yaml"># 使用节点亲和性
affinity:
  nodeAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
      nodeSelectorTerms:
      - matchExpressions:
        - key: node-type
          operator: In
          values:
          - compute-optimized
</code></pre>
<h2 id="_31">持续学习与改进</h2>
<h3 id="_32">建立最佳实践文档</h3>
<ol>
<li><strong>创建Kubernetes操作手册</strong></li>
<li><strong>标准化部署模板</strong></li>
<li><strong>记录经验教训</strong></li>
</ol>
<h3 id="_33">安排定期评审</h3>
<ol>
<li><strong>集群配置评审</strong>：安全和最佳实践</li>
<li><strong>性能和成本评审</strong>：识别优化机会</li>
<li><strong>灾备演练</strong>：验证恢复流程</li>
</ol>
<h3 id="kubernetes_1">跟踪Kubernetes社区</h3>
<ol>
<li><strong>关注新版本和特性</strong></li>
<li><strong>评估新功能的适用性</strong></li>
<li><strong>参与社区讨论</strong></li>
</ol>
<h2 id="_34">实战示例：完整应用部署</h2>
<h3 id="_35">多层应用架构</h3>
<p>以下是一个完整的多层应用部署示例，包含前端、API和数据库：</p>
<pre><code class="language-yaml"># 前端部署
apiVersion: apps/v1
kind: Deployment
metadata:
  name: frontend
  labels:
    app: myapp
    tier: frontend
spec:
  replicas: 3
  selector:
    matchLabels:
      app: myapp
      tier: frontend
  template:
    metadata:
      labels:
        app: myapp
        tier: frontend
    spec:
      containers:
      - name: frontend
        image: myapp/frontend:v1.0.0
        ports:
        - containerPort: 80
        resources:
          requests:
            memory: &quot;64Mi&quot;
            cpu: &quot;100m&quot;
          limits:
            memory: &quot;128Mi&quot;
            cpu: &quot;200m&quot;
        livenessProbe:
          httpGet:
            path: /health
            port: 80
          initialDelaySeconds: 30
          periodSeconds: 10
        readinessProbe:
          httpGet:
            path: /ready
            port: 80
          initialDelaySeconds: 5
          periodSeconds: 5
---
# 前端服务
apiVersion: v1
kind: Service
metadata:
  name: frontend
  labels:
    app: myapp
    tier: frontend
spec:
  ports:
  - port: 80
  selector:
    app: myapp
    tier: frontend
---
# API部署
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api
  labels:
    app: myapp
    tier: api
spec:
  replicas: 3
  selector:
    matchLabels:
      app: myapp
      tier: api
  template:
    metadata:
      labels:
        app: myapp
        tier: api
    spec:
      containers:
      - name: api
        image: myapp/api:v1.0.0
        ports:
        - containerPort: 8080
        env:
        - name: DB_HOST
          value: database
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: db-secret
              key: password
        resources:
          requests:
            memory: &quot;128Mi&quot;
            cpu: &quot;200m&quot;
          limits:
            memory: &quot;256Mi&quot;
            cpu: &quot;500m&quot;
        livenessProbe:
          httpGet:
            path: /health
            port: 8080
          initialDelaySeconds: 30
          periodSeconds: 10
        readinessProbe:
          httpGet:
            path: /ready
            port: 8080
          initialDelaySeconds: 5
          periodSeconds: 5
---
# API服务
apiVersion: v1
kind: Service
metadata:
  name: api
  labels:
    app: myapp
    tier: api
spec:
  ports:
  - port: 80
    targetPort: 8080
  selector:
    app: myapp
    tier: api
---
# 数据库部署
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: database
  labels:
    app: myapp
    tier: database
spec:
  serviceName: database
  replicas: 1
  selector:
    matchLabels:
      app: myapp
      tier: database
  template:
    metadata:
      labels:
        app: myapp
        tier: database
    spec:
      containers:
      - name: postgres
        image: postgres:13
        ports:
        - containerPort: 5432
        env:
        - name: POSTGRES_PASSWORD
          valueFrom:
            secretKeyRef:
              name: db-secret
              key: password
        volumeMounts:
        - name: data
          mountPath: /var/lib/postgresql/data
        resources:
          requests:
            memory: &quot;256Mi&quot;
            cpu: &quot;200m&quot;
          limits:
            memory: &quot;512Mi&quot;
            cpu: &quot;500m&quot;
  volumeClaimTemplates:
  - metadata:
      name: data
    spec:
      accessModes: [ &quot;ReadWriteOnce&quot; ]
      storageClassName: &quot;standard&quot;
      resources:
        requests:
          storage: 10Gi
---
# 数据库服务
apiVersion: v1
kind: Service
metadata:
  name: database
  labels:
    app: myapp
    tier: database
spec:
  ports:
  - port: 5432
  selector:
    app: myapp
    tier: database
</code></pre>
<h3 id="_36">自动化部署流程</h3>
<p>完整的GitOps部署流程：</p>
<pre><code class="language-yaml"># Flux Kustomization
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: myapp
  namespace: flux-system
spec:
  interval: 5m
  path: &quot;./kustomize/overlays/production&quot;
  prune: true
  sourceRef:
    kind: GitRepository
    name: myapp-repo
  healthChecks:
  - apiVersion: apps/v1
    kind: Deployment
    name: frontend
    namespace: production
  - apiVersion: apps/v1
    kind: Deployment
    name: api
    namespace: production
  - apiVersion: apps/v1
    kind: StatefulSet
    name: database
    namespace: production
</code></pre>
<p>通过遵循这些最佳实践和示例，您可以构建出高可用、可扩展且易于管理的Kubernetes应用程序。记住，Kubernetes是一个不断发展的平台，持续学习和实践是保持最佳状态的关键。</p>












                
              </article>
            </div>
          
          
<script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script>
        </div>
        
      </main>
      
        <footer class="md-footer">
  
  <div class="md-footer-meta md-typeset">
    <div class="md-footer-meta__inner md-grid">
      <div class="md-copyright">
  
  
    Made with
    <a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
      Material for MkDocs
    </a>
  
</div>
      
        <div class="md-social">
  
    
    
    
    
      
      
    
    <a href="https://git.opsx.vip/docs/PythonFullStackGuide.git" target="_blank" rel="noopener" title="git.opsx.vip" class="md-social__link">
      <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><!--! Font Awesome Free 6.7.2 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6m-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3m44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9M244.8 8C106.1 8 0 113.3 0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8M97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1m-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7m32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1m-11.4-14.7c-1.6 1-1.6 3.6 0 5.9s4.3 3.3 5.6 2.3c1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2"/></svg>
    </a>
  
    
    
    
    
    <a href="mailto:admin@attacker.club" target="_blank" rel="noopener" title="" class="md-social__link">
      <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><!--! Font Awesome Free 6.7.2 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M48 64C21.5 64 0 85.5 0 112c0 15.1 7.1 29.3 19.2 38.4l217.6 163.2c11.4 8.5 27 8.5 38.4 0l217.6-163.2c12.1-9.1 19.2-23.3 19.2-38.4 0-26.5-21.5-48-48-48zM0 176v208c0 35.3 28.7 64 64 64h384c35.3 0 64-28.7 64-64V176L294.4 339.2a63.9 63.9 0 0 1-76.8 0z"/></svg>
    </a>
  
</div>
      
    </div>
  </div>
</footer>
      
    </div>
    <div class="md-dialog" data-md-component="dialog">
      <div class="md-dialog__inner md-typeset"></div>
    </div>
    
    
    <script id="__config" type="application/json">{"base": "../../..", "features": [], "search": "../../../assets/javascripts/workers/search.f8cc74c7.min.js", "translations": {"clipboard.copied": "\u5df2\u590d\u5236", "clipboard.copy": "\u590d\u5236", "search.result.more.one": "\u5728\u8be5\u9875\u4e0a\u8fd8\u6709 1 \u4e2a\u7b26\u5408\u6761\u4ef6\u7684\u7ed3\u679c", "search.result.more.other": "\u5728\u8be5\u9875\u4e0a\u8fd8\u6709 # \u4e2a\u7b26\u5408\u6761\u4ef6\u7684\u7ed3\u679c", "search.result.none": "\u6ca1\u6709\u627e\u5230\u7b26\u5408\u6761\u4ef6\u7684\u7ed3\u679c", "search.result.one": "\u627e\u5230 1 \u4e2a\u7b26\u5408\u6761\u4ef6\u7684\u7ed3\u679c", "search.result.other": "# \u4e2a\u7b26\u5408\u6761\u4ef6\u7684\u7ed3\u679c", "search.result.placeholder": "\u952e\u5165\u4ee5\u5f00\u59cb\u641c\u7d22", "search.result.term.missing": "\u7f3a\u5c11", "select.version": "\u9009\u62e9\u5f53\u524d\u7248\u672c"}}</script>
    
    
      <script src="../../../assets/javascripts/bundle.60a45f97.min.js"></script>
      
        <script src="../../../js/prism.js"></script>
      
    
  </body>
</html>